TheTechGuide Forum

General Category => Tech Clinic => Topic started by: mjm on March 30, 2008, 05:32:06 PM

Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 05:32:06 PM
I'm unable to open most programs from my desktop and start menu... get a message that says "windows can't find...", etc. I also get the message "can't find rundll32.exe" when I attempt to use menu items from the control panel. I'm able to use Firefox to access the internet, but Internet Explorer won't open. I'd seriously appreciate any help!! See log below...
 
 Thanks,
 Michael
 
 Logfile of HijackThis v1.99.1
 Scan saved at 2:24:58 PM, on 3/30/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\HJT\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
 O20 - Winlogon Notify: kbdrse - kbdrse.dll (file missing)
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 08:19:25 PM
Can you do the following
Delete your version of Hijackthis from here
 C:\HJT\HijackThis.exe
It's outdated

Then, Download Hijackthis Installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open
Can you close it for now, we'll need it later

Afterwards:
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 09:04:59 PM
I downloaded both of the programs you listed but can't install them (I get a pop up when I click on them that says "can't find the file..."). I've attempted several times to boot into safe mode in order to install the programs but I encounter two problems: 1) I can't execute msconfig from the command line, and 2) My keyboard doesn't power on until windows has already loaded (F8 doesn't work).
 
 Any suggestions?
 
 Thanks,
 Michael
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 09:16:21 PM
Can you use a keyboard that will allow you to enter safe mode with the F8?
This would definitely help

Can you also do the following
You were able to get Hijackthis 1.99.1 to run
It should still be in the recycle bin, can you restore it

Can you also make another folder
Something like
C:\HijackThis

Then try downloading the latest version of Hijackthis from here
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Save it to the Hijackthis folder

Are you able to run it?
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 09:42:21 PM
Okay... I was able to install and run HJT by running xp_exe_fix.reg that was posted earlier in this forum for a similar issue. I ran DSS but my virus software (McAfee) interrupts the process with a pop up regarding a possible suspicious script. Is it okay to allow the script to run?
 
 Here's the updated log file from HJT:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 8:48:30 PM, on 3/30/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
 c:\program files\mcafee.com\vso\mcvsshld.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
 O20 - Winlogon Notify: kbdrse - kbdrse.dll (file missing)
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 11771 bytes
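
A triage pass over the autorun lines of a HijackThis log like the one above, as an added example that is not part of the original thread. It flags executables under system32\drivers, executables sitting in a profile root, file names one edit away from a well-known Windows binary, the same autorun registered in both HKLM and HKCU, and entries HijackThis marks "Unknown owner" or "(file missing)". The heuristics and the KNOWN_SYSTEM list are assumptions chosen for illustration; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above (a subset, for a short run).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
O20 - Winlogon Notify: kbdrse - kbdrse.dll (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption: a short reference list of Windows binaries to compare names against.
KNOWN_SYSTEM = {"spoolsv.exe", "ctfmon.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "explorer.exe", "smss.exe"}

RUN_RE = re.compile(r"^O4 - (HK\w+)(?:\\[^\\]+)?\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
SERVICE_PREFIX = "O23 - Service: "


def image_path(command):
    """Return the executable path from a command line, minus arguments and HJT suffixes."""
    command = command.replace("(file missing)", "").strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", command, re.I)
    return m.group(1) if m else command


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def path_reasons(path):
    """Location and naming heuristics for one executable path."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if re.search(r"\\system32\\drivers\\[^\\]+\.exe$", low):
        reasons.append("exe-in-drivers-dir")        # that folder normally holds .sys files
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+\.exe$", low):
        reasons.append("exe-in-profile-root")
    if name not in KNOWN_SYSTEM:
        for known in sorted(KNOWN_SYSTEM):
            if osa_distance(name, known) == 1:
                reasons.append("lookalike-of-" + known)
    return reasons


def triage(log_text):
    """Return [{'line', 'reasons'}] for entries worth a closer look, in log order.
    A reason is a prompt to inspect the entry, not a verdict."""
    records = []
    run_hives = defaultdict(set)          # (value name, path) -> hives it appears in
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            hive, _, name, command = m.groups()
            path = image_path(command)
            key = (name, path.lower())
            run_hives[key].add(hive)
            records.append({"line": line, "reasons": path_reasons(path), "key": key})
        elif line.startswith(SERVICE_PREFIX):
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _, owner, target = parts
            reasons = path_reasons(image_path(target))
            if owner == "Unknown owner":
                reasons.append("unknown-owner")
            if target.endswith("(file missing)"):
                reasons.append("file-missing")
            records.append({"line": line, "reasons": reasons, "key": None})
        elif line.startswith("O20 - ") and line.endswith("(file missing)"):
            records.append({"line": line, "reasons": ["file-missing"], "key": None})
    for rec in records:
        if rec["key"] and {"HKLM", "HKCU"} <= run_hives[rec["key"]]:
            rec["reasons"].append("same-autorun-in-HKLM-and-HKCU")
    return [{"line": r["line"], "reasons": r["reasons"]} for r in records if r["reasons"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(", ".join(finding["reasons"]), "<-", finding["line"])
```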
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 09:48:43 PM
Quote
I was able to install and run HJT by running xp_exe_fix.reg that was posted earlier in this forum
Good work, was it a post I helped in? ;)

Yes please, go ahead and run dss.exe
Allow it to run thru McAfee
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 10:02:10 PM
DSS didn't generate a file called extra.txt, but here is main.txt. Let me know if I'll need to try something else to get the other text file. Thanks.

 Deckard's System Scanner v20071014.68
 Run by Michael on 2008-03-30 21:14:31
 Computer is in Normal Mode.
 --------------------------------------------------------------------------------
 
 
 
 -- HijackThis (run as Michael.exe) ---------------------------------------------
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 9:14:35 PM, on 3/30/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
 c:\program files\mcafee.com\vso\mcvsshld.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\Documents and Settings\Michael\Desktop\dss.exe
 C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe
 
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
 O20 - Winlogon Notify: kbdrse - kbdrse.dll (file missing)
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 11809 bytes
 
 -- Files created between 2008-02-29 and 2008-03-30 -----------------------------
 
 2008-03-30 20:48:11         0 d-------- C:\Program Files\Trend Micro
 2008-03-30 19:05:20         0 d-------- C:\I386
 2008-03-30 14:31:33      5120 --a------ C:\Documents and Settings\Michael\ftp33.dll
 2008-03-30 14:09:15         0 d--h----- C:\Documents and Settings\Administrator\Templates
 2008-03-30 14:09:15         0 dr------- C:\Documents and Settings\Administrator\Start Menu
 2008-03-30 14:09:15         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
 2008-03-30 14:09:15         0 d--h----- C:\Documents and Settings\Administrator\Recent
 2008-03-30 14:09:15         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
 2008-03-30 14:09:15    786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
 2008-03-30 14:09:15         0 d--h----- C:\Documents and Settings\Administrator\NetHood
 2008-03-30 14:09:15         0 d-------- C:\Documents and Settings\Administrator\My Documents
 2008-03-30 14:09:15         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
 2008-03-30 14:09:15         0 d-------- C:\Documents and Settings\Administrator\Favorites
 2008-03-30 14:09:15         0 d-------- C:\Documents and Settings\Administrator\Desktop
 2008-03-30 14:09:15         0 d---s---- C:\Documents and Settings\Administrator\Cookies
 2008-03-30 14:09:15         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
 2008-03-30 14:09:15         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
 2008-03-30 13:55:25         0 d-------- C:\HJT
 2008-03-30 13:39:14         0 d-------- C:\Documents and Settings\Michael\.housecall6.6
 2008-03-30 09:40:48     49696 --a------ C:\Documents and Settings\Michael\cftmon.exe
 2008-03-30 09:40:45     18944 --a------ C:\W3NG.exe
 2008-03-22 00:35:55         0 d-------- C:\Program Files\Active Data Recovery Services
 2008-03-20 12:30:08         0 d-------- C:\WINDOWS\pss
 2008-03-18 13:53:40         0 d-------- C:\Documents and Settings\Michael\Application Data\HP
 2008-03-16 08:44:49         0 d-------- C:\Documents and Settings\Trina\Application Data\HPAppData
 2008-03-15 18:24:20         0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
 2008-03-15 18:21:56         0 d-------- C:\Documents and Settings\Michael\Application Data\HPAppData
 2008-03-15 18:21:48         0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
 2008-03-15 18:20:45         0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
 2008-03-15 18:20:43         0 d-------- C:\Documents and Settings\All Users\Application Data\HP
 2008-03-15 18:19:22         0 d-------- C:\Program Files\Common Files\HP
 2008-03-15 18:17:58         0 d-------- C:\Program Files\HP
 2008-03-15 17:57:10      2828 -----n--- C:\WINDOWS\hphmdl15.dat
 2008-03-15 17:57:10    137607 --a------ C:\WINDOWS\HPHins15.dat
 2008-03-15 17:57:07         0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
 2008-03-13 09:20:08         0 d-------- C:\Documents and Settings\Michael\Application Data\Total Eclipse
 2008-03-10 12:41:23         0 d-------- C:\Documents and Settings\Michael\Application Data\Jane s Hotel
 2008-03-10 02:29:08     61440 --a------ C:\scdd.exe
 2008-03-06 23:14:54         0 d-------- C:\Documents and Settings\Michael\Application Data\gemsweeperextractedgfx
 2008-03-06 23:14:54         0 d-------- C:\Documents and Settings\All Users\Application Data\My Games
 2008-03-06 09:40:23         0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
 2008-03-05 23:59:25         0 d-------- C:\Program Files\ImageShackToolbar
 
 
 -- Find3M Report ---------------------------------------------------------------
 
 2008-03-30 10:24:01         0 d-------- C:\Documents and Settings\Michael\Application Data\MSN6
 2008-03-30 09:59:35         0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
 2008-03-28 18:56:28         0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
 2008-03-28 10:28:57         0 d-------- C:\Documents and Settings\Michael\Application Data\PlayFirst
 2008-03-15 18:19:22         0 d-------- C:\Program Files\Common Files
 2008-03-15 18:12:58         0 d-------- C:\Program Files\EPSON
 2008-03-15 18:10:28         0 d-------- C:\Program Files\MSN Games
 2008-03-13 09:20:07         0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
 2008-02-17 15:17:58         0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
 
 
 -- Registry Dump ---------------------------------------------------------------
 
 *Note* empty entries & legit default entries are not shown
 
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
 "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [12/10/2004 04:39 PM]
 "Logitech Utility"="Logi_MwX.Exe" [03/04/2003 02:50 AM C:\WINDOWS\LOGI_MWX.EXE]
 "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
 "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]
 "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
 "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
 "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 12:03 PM]
 "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/01/2006 09:23 PM]
 "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/23/2006 10:38 PM]
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
 "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
 "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [05/12/2006 01:32 AM]
 "ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
 "autoload"="C:\Documents and Settings\Michael\cftmon.exe" [03/30/2008 09:40 AM]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "@"="" []
 "ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
 "autoload"="C:\Documents and Settings\Michael\cftmon.exe" [03/30/2008 09:40 AM]
 
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
 "RunNarrator"=Narrator.exe
 
 C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
 Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/4/2005 9:36:22 PM]
 VonageRestart.exe [8/17/2006 3:58:46 AM]
 
 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
 Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
 HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]
 Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [3/11/2006 6:17:46 PM]
 NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [3/16/2006 1:22:23 PM]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdrse]
 kbdrse.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 hpdevmgmt    hpqcxs08 hpqddsvc
 
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e800ec2-8ab1-11d9-914c-806d6172696f}]
 AutoRun\command- D:\setup.exe
 
 
 
 
 -- End of Deckard's System Scanner: finished at 2008-03-30 21:15:15 ------------
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 10:05:30 PM
Look in the bottom taskbar, is extra.txt minimized there?

If not, go to the following folder
C:\Deckard
Do you see it somewhere in there?
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 10:15:56 PM
I can't get DSS to generate extra.txt again for some reason, but apparently my first attempt generated a file (I found it in C/Deckard). Here ya go:
 
 Deckard's System Scanner v20071014.68
 Extra logfile - please post this as an attachment with your post.
 --------------------------------------------------------------------------------
 
 -- System Information ----------------------------------------------------------
 
 Microsoft Windows XP Professional (build 2600)
 Architecture: X86; Language: English
 
 CPU 0: AMD Athlon(tm) XP 2000+
 Percentage of Memory in Use: 57%
 Physical Memory (total/avail): 511.49 MiB / 218.92 MiB
 Pagefile Memory (total/avail): 1481.89 MiB / 1258.7 MiB
 Virtual Memory (total/avail): 2047.88 MiB / 1947.18 MiB
 
 A: is Removable (No Media)
 C: is Fixed (NTFS) - 75.93 GiB total, 46.63 GiB free.
 D: is CDROM (CDFS)
 E: is CDROM (No Media)
 F: is Fixed (NTFS) - 52.07 GiB total, 38.72 GiB free.
 G: is CDROM (No Media)
 I: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
 J: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
 
 \\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 128 GiB - 2 partitions
   \PARTITION0 (bootable) - Installable File System - 75.93 GiB - C:
   \PARTITION1 - Installable File System - 52.07 GiB - F:
 
 \\.\PHYSICALDRIVE1 - DMI      WD2500JB-00REA0  IEEE 1394 SBP2 Device - 232.88 GiB - 2 partitions
   \PARTITION0 - Installable File System - 83.01 GiB - I:
   \PARTITION1 - Installable File System - 149.87 GiB - J:
 
 
 
 -- Security Center -------------------------------------------------------------
 
 AUOptions is disabled.
 AUState says computer is ready and waiting.
 
 
 -- Environment Variables -------------------------------------------------------
 
 ALLUSERSPROFILE=C:\Documents and Settings\All Users
 APPDATA=C:\Documents and Settings\Michael\Application Data
 CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
 CLIENTNAME=Console
 CommonProgramFiles=C:\Program Files\Common Files
 COMPUTERNAME=MICHAEL-N66C1KN
 ComSpec=C:\WINDOWS\system32\cmd.exe
 DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperWorkstation\
 HOMEDRIVE=C:
 HOMEPATH=\
 LOGONSERVER=\\MICHAEL-N66C1KN
 NUMBER_OF_PROCESSORS=1
 OS=Windows_NT
 Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\DiskeeperWorkstation\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 PROCESSOR_ARCHITECTURE=x86
 PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
 PROCESSOR_LEVEL=6
 PROCESSOR_REVISION=0602
 ProgramFiles=C:\Program Files
 PROMPT=$P$G
 QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
 SESSIONNAME=Console
 SystemDrive=C:
 SystemRoot=C:\WINDOWS
 TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
 TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
 tvdumpflags=8
 USERDOMAIN=MICHAEL-N66C1KN
 USERNAME=Michael
 USERPROFILE=C:\Documents and Settings\Michael
 windir=C:\WINDOWS
 
 
 -- User Profiles ---------------------------------------------------------------
 
 Michael (admin)
 Trina (admin)
 Administrator (new local, admin)
 
 
 -- Add/Remove Programs ---------------------------------------------------------
 
  --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
  --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
 Active@ File Recovery 7.3 --> "C:\Program Files\Active Data Recovery Services\Active File Recovery\UNWISE.EXE" "C:\Program Files\Active Data Recovery Services\Active File Recovery\INSTALL.LOG"
 Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
 Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
 Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
 Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
 Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
 Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
 Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
 Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
 Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
 Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
 Adventure Ball --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\ADVENT~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\ADVENT~1\INSTALL.LOG
 Alex Kidd in the Enchanted Castle --> "C:\Program Files\Alex Kidd in the Enchanted Castle\unins000.exe"
 AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
 Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
 Arial Sound Recorder version 1.4.1 --> "C:\Program Files\Arial Sound Recorder\unins000.exe"
 ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
 AVI Info --> C:\WINDOWS\st6unst.exe -n "C:\AVI Info\ST6UNST.LOG"  
 B/Works for Digital Cameras --> "C:\Program Files\BWorks\unins000.exe"
 BitTorrent 4.22.4 --> "C:\Program Files\BitTorrent\uninstall.exe"
 BR's EXIFextracter v0.9 --> "C:\Program Files\exifextracter\unins000.exe"
 Cafe Mahjongg --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\CAFEMA~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\CAFEMA~1\INSTALL.LOG
 Capture NX --> C:\Program Files\Nikon\Capture NX\uninstall.exe
 Casper Activity Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sound Source Interactive\Casper Activity Center\Uninst.isu"
 Chocolatier 2 --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\CHOCOL~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\CHOCOL~1\INSTALL.LOG
 Christmasville --> "C:\Program Files\Christmasville\ReflexiveArcade\unins000.exe"
 ClearSkinFX for Digital Cameras --> "C:\Program Files\ClearSkin\unins000.exe"
 ColorCastFX for Digital Cameras --> "C:\Program Files\ColorCast\unins000.exe"
 Digital Camera Enhancer --> "C:\Program Files\DCEnhancer\unins000.exe"
 Diner Dash --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\DINERD~2\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\DINERD~2\INSTALL.LOG
 Diner Dash 2 --> "C:\Program Files\MSN Games\Diner Dash 2\Uninstall.exe" "C:\Program Files\MSN Games\Diner Dash 2\install.log"
 Direct WAV MP3 Splitter 2.4 --> "C:\Program Files\Direct WAV MP3 Splitter\unins000.exe"
 DiskeeperWorkstation --> MsiExec.exe /I{DF455F10-786F-41E4-805D-0CB59063FC9E}
 DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
 DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
 DVD-TO-AVI V1.9 --> "C:\Program Files\Dvd-to-avi\unins000.exe"
 DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
 DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
 DVDFab Decrypter 2.9.7.2 --> "C:\Program Files\DVDFab Decrypter\unins000.exe"
 EZ Save Flash --> C:\PROGRA~1\EZSAVE~1\UNWISE.EXE C:\PROGRA~1\EZSAVE~1\INSTALL.LOG
 Fab Fashion --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\FABFAS~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\FABFAS~1\INSTALL.LOG
 Farm Frenzy --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\FARMFR~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\FARMFR~1\INSTALL.LOG
 Fashion Boutique --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\FASHIO~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\FASHIO~1\INSTALL.LOG
 FilterSIM for Digital Cameras --> "C:\Program Files\FilterSim\unins000.exe"
 FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
 Fishing Craze --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\FISHIN~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\FISHIN~1\INSTALL.LOG
 Flash Grabber 1.0 --> C:\PROGRA~1\FLASHG~1\UNWISE.EXE C:\PROGRA~1\FLASHG~1\install.log
 Focus Magic --> C:\Program Files\Focus Magic\esuninst.exe C:\Program Files\Focus Magic
 Fraps (remove only) --> "C:\Fraps\uninstall.exe"
 FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
 Gemsweeper --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\GEMSWE~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\GEMSWE~1\INSTALL.LOG
 Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
 HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
 HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
 HP Deskjet Printer Driver Software 9.0 --> C:\Program Files\HP\Digital Imaging\{03E66394-42F0-4745-85F7-0A2F8F35C09F}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
 HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
 HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
 HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
 HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
 HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
 HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
 ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
 ImageShack Toolbar for Internet Explorer --> MsiExec.exe /I{A518D6D8-0A3F-4A91-B4B5-07AF2CDD6E57}
 iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
 J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
 J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
 Jane's Hotel --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\JANE'S~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\JANE'S~1\INSTALL.LOG
 Kodak DIGITAL GEM Airbrush Professional Plug-In 1.0.1 --> MsiExec.exe /I{7E5B4758-346B-4D77-BB1A-1BC878ED7498}
 LBT Preschool Adventure --> C:\PROGRA~1\BRIGHT~1\LBTPRE~1\UNWISE.EXE C:\PROGRA~1\BRIGHT~1\LBTPRE~1\INSTALL.LOG
 Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
 LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
 Little Shop - City Lights --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\LITTLE~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\LITTLE~1\INSTALL.LOG
 Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
 Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
 Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
 McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
 McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
 MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7E9E66D5-F9C4-4071-BB11-C87F4C3A6869}
 Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINDOWS\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
 Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
 MicroStaff WINASPI --> C:\MWASPI\uninst.exe
 Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
 MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
 Neptune's Secret --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\NEPTUN~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\NEPTUN~1\INSTALL.LOG
 Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
 NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
 NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 NeroVision Express 2 Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
 nik Sharpener Pro 2.0 Complete --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\nik Sharpener Pro 2.0 Complete\uninstal.log
 Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
 Nikon View 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
 NikonCapture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DDC579-834B-4C14-8122-853994FA2214}\Setup.exe" -l0x9 UNINSTALL
 Opanda PowerExif 1.2 Professional Trial --> "C:\Program Files\Opanda\PowerExif 1.2\unins000.exe"
 Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
 PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
 Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
 PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
 Pizza Chef --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\PIZZAC~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\PIZZAC~1\INSTALL.LOG
 PowerQuest PartitionMagic Pro 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}\Setup.exe"
 Private Eye Greatest Unsolved Mysteries --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\PRIVAT~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\PRIVAT~1\INSTALL.LOG
 QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
 RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
 RawShooter essentials 2005 --> C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 Rhapsody Player Engine --> MsiExec.exe /I{6A136B9A-1895-436F-83F8-30D9C68BB6EA}
 SanDisk TransferMate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
 SnagIt 7 --> C:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
 SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
 SoundCapture --> C:\PROGRA~1\MAGICS~1\SC\UNWISE.EXE C:\PROGRA~1\MAGICS~1\SC\INSTALL.LOG
 Super DVD Ripper (remove only) --> "C:\Program Files\Super DVD Ripper\sdvd-uninst.exe"
 Super Mah Jong --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERM~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERM~1\INSTALL.LOG
 Supercow --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\Supercow\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\Supercow\INSTALL.LOG
 The Land Before Time Kindergarten Adventure --> C:\Lbtkind\UNWISE.EXE C:\Lbtkind\INSTALL.LOG
 The Mystery of Veggie Island --> C:\WINDOWS\uninst.exe -fC:\PROGRA~1\BigIdea\THEMYS~1\DeIsL1.isu
 The Next Tetris --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Atari\The Next Tetris\Uninst.isu"
 The Office --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\THEOFF~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\THEOFF~1\INSTALL.LOG
 The Scruffs --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\THESCR~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\THESCR~1\INSTALL.LOG
 Total Recorder 6.0 --> "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
 TurboTax Basic 2005 --> C:\Program Files\TurboTax\Basic 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2005\Uninstall.log" -NoGui
 TurboTax Basic 2006 --> C:\Program Files\TurboTax\Basic 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2006\Uninstall.log" -NoGui
 TurboTax Basic 2007 --> C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
 TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
 TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
 U.B. Funkeys --> C:\Program Files\U.B. Funkeys\uninstall.exe
 Ulead VideoStudio 7 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
 Uninstall Mystical --> C:\WINDOWS\unvise32.exe c:\program files\adobe\photoshop 6.0\plug-ins\Mystical\Mystical Uninstall.log
 Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
 VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
 Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
 Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
 Wedding Dash --> C:\PROGRA~1\MSNGAM~2\GAMESP~1\WEDDIN~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\WEDDIN~1\INSTALL.LOG
 WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate
 WFA 3.5 --> "C:\Program Files\wfa\unist\unins000.exe"
 Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
 Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
 Windows XP Application Compatibility Update[Q319580] --> C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
 WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
 Wondershare Video To Flash Encoder(Build 1.8.1.1) Trial Version --> "C:\Program Files\Wondershare\Video To Flash Encoder\unins000.exe"
 WP Pro --> "C:\Program Files\FredMiranda\WP Pro\Uninstall.exe" "C:\Program Files\FredMiranda\WP Pro\install.log"
 XviD MPEG-4 Video Codec --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
 YASA AVI to iPod Converter v3.0 (build 0026) --> C:\PROGRA~1\YASAAV~1\UNWISE.EXE C:\PROGRA~1\YASAAV~1\INSTALL.LOG
 ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
 
 
 -- Application Event Log -------------------------------------------------------
 
 Event Record #/Type17109 / Warning
 Event Submitted/Written: 03/30/2008 02:30:08 PM
 Event ID/Source: 1524 / Userenv
 Event Description:
 Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
 
 Event Record #/Type17108 / Error
 Event Submitted/Written: 03/30/2008 02:15:17 PM
 Event ID/Source: 8193 / VSS
 Event Description:
 Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
 Event Record #/Type17107 / Error
 Event Submitted/Written: 03/30/2008 02:15:17 PM
 Event ID/Source: 4609 / EventSystem
 Event Description:
 The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
 Event Record #/Type17106 / Warning
 Event Submitted/Written: 03/30/2008 02:14:02 PM
 Event ID/Source: 1524 / Userenv
 Event Description:
 Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
 
 Event Record #/Type17105 / Error
 Event Submitted/Written: 03/30/2008 02:06:07 PM
 Event ID/Source: 8193 / VSS
 Event Description:
 Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
 
 
 -- Security Event Log ----------------------------------------------------------
 
 No Errors/Warnings found.
 
 
 -- System Event Log ------------------------------------------------------------
 
 Event Record #/Type75197 / Error
 Event Submitted/Written: 03/30/2008 08:05:06 PM
 Event ID/Source: 7000 / Service Control Manager
 Event Description:
 The Task Scheduler service failed to start due to the following error:
 %%2
 
 Event Record #/Type75188 / Error
 Event Submitted/Written: 03/30/2008 08:03:09 PM / 03/30/2008 08:03:40 PM
 Event ID/Source: 9 / iviVD
 Event Description:
 The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
 
 Event Record #/Type75175 / Error
 Event Submitted/Written: 03/30/2008 07:52:15 PM
 Event ID/Source: 7000 / Service Control Manager
 Event Description:
 The Task Scheduler service failed to start due to the following error:
 %%2
 
 Event Record #/Type75166 / Error
 Event Submitted/Written: 03/30/2008 07:50:19 PM / 03/30/2008 07:50:49 PM
 Event ID/Source: 9 / iviVD
 Event Description:
 The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
 
 Event Record #/Type75156 / Error
 Event Submitted/Written: 03/30/2008 07:39:11 PM / 03/30/2008 07:39:41 PM
 Event ID/Source: 9 / iviVD
 Event Description:
 The device, \Device\Scsi\iviVD1, did not respond within the timeout period.
 
 
 
 -- End of Deckard's System Scanner: finished at 2008-03-30 20:45:12 ------------
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 10:23:39 PM
I want to try some cleaning
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe

O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe

O20 - Winlogon Notify: kbdrse - kbdrse.dll (file missing)

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in windows
Post a fresh hijackthis log


In addition go to START>>RUN>>copy and paste the next command below in bold

"%userprofile%\desktop\dss.exe" /daft

Hit OK
This will start DSS in a different way. A small window will appear.
Click on the Scan button.
When done can you save a log of it and post the contents back here
If it prompts, "All associations are Okay"
Let me know that also
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 10:35:07 PM
Can you clarify whether I should c&p the following command before or after I've clicked "fix checked" and rebooted my PC? Sorry... a bit confused on that part.
 
"%userprofile%\desktop\dss.exe" /daft
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 10:36:16 PM
Quote
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in windows
Post a fresh hijackthis log


In addition go to START>>RUN>>copy and paste the next command below in bold

"%userprofile%\desktop\dss.exe" /daft

Hit OK

AFTER
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 10:54:41 PM
Okay... I ran into a few issues after rebooting.
 
 1) Immediately after reboot I got a ZoneAlarm security alert that cftmon.exe is trying to access the internet (allow or deny?)

 2) McAfee identified a trojan, and could not clean the file (C:\WINDOWS\system32\drivers\spools.exe) The trojan is identified as New Malware.j. (Should I quarantine the file?)
 
 3) after pasting "%userprofile%\desktop\dss.exe" /daft into the command prompt I get a message that says, "windows cannot access the specified device, path, or file...may not have appropriate permissions"
 
 I'm guessing I should deny cftmon.exe and quarantine the trojan, but I don't know what to do about the other item.
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 10:58:19 PM
BTW, I tried running HJT again to get a fresh log file for you but got the message "windows cannot access the specified device, path, or file, etc".
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 10:59:20 PM
Go ahead and quarantine the file
Don't allow internet access thru zone alarm

Are you sure you copied that command exactly

"%userprofile%\desktop\dss.exe" /daft

Is McAfee's interfering with it?
do you have another keyboard to allow you to get to safe mode with F8?
We could try another tool to allow to safe mode, or use msconfig
But I don't like that route, if something is buggered with safeboot from malware
It could send your computer to a reboot loop that is tough to get out of
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 11:10:59 PM
[quote name='guestolo' post='425455' date='Mar 30 2008, 09:59 PM']Are you sure you copied that command exactly

"%userprofile%\desktop\dss.exe" /daft[/quote]
 
 Yes. I just tried it again with the same response.

 [quote name='guestolo' post='425455' date='Mar 30 2008, 09:59 PM']Is McAfee's interfering with it?[/quote]
 
 It doesn't appear to be... I just closed McAfee and tried it again and got the same response.
 
[quote name='guestolo' post='425455' date='Mar 30 2008, 09:59 PM']do you have another keyboard to allow you to get to safe mode with F8?[/quote]
 
 No, I don't have access to another kb at the moment, unfortunately.
 
 
[quote name='guestolo' post='425455' date='Mar 30 2008, 09:59 PM']We could try another tool to allow to safe mode, or use msconfig
But I don't like that route, if something is buggered with safeboot from malware
It could send your computer to a reboot loop that is tough to get out of[/quote]
 
 Yeah... I've experienced a reboot loop before... don't want to go through that problem again!! I'm willing to try anything... I suppose I can get a hold of another keyboard tomorrow if I need to (non USB perhaps?).
 
 Thanks for your patience,
 Michael
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 11:13:28 PM
try running xp_exe_fix.reg again

Then try the START>>RUN box again with
"%userprofile%\desktop\dss.exe" /daft

Yes, you want a Non-Usb keyboard

PS/2 is needed
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 11:19:15 PM
[quote name='guestolo' post='425457' date='Mar 30 2008, 10:13 PM']try running xp_exe_fix.reg again

Then try the START>>RUN box again with
"%userprofile%\desktop\dss.exe" /daft

Yes, you want a Non-Usb keyboard

PS/2 is needed[/quote]

Okay.. I wasn't sure if that was a good idea or not... I'll try it again. I have a PS/2 Adaptor SOMEWHERE, but can't locate it (I assume an adaptor might do the trick). I'll update you in a few..
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 11:19:56 PM
Also, make sure there is not a Program setting in ZoneAlarm that may be interfering
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 11:23:36 PM
Okay... that worked. I received the message "all associations okay"... AND everything appears to be working normal again (including control panel items). I'm gonna reboot and see if it sticks. I'll give you another update in a few.
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 11:25:03 PM
Did you find the PS/2 adapter?

What about the fresh hijackthis log?
Title: Help! Can't open programs, etc
Post by: mjm on March 30, 2008, 11:39:00 PM
No, I can't locate the adaptor.. I'm afraid that'll have to wait till tomorrow. The problem returned after rebooting... same symptoms, same alerts from ZoneAlarm and McAfee. I had to run the registry fix again in order to generate another logfile (below).
 
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 10:49:34 PM, on 3/30/2008
  Platform: Windows XP  (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
  Boot mode: Normal
 
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
  C:\WINDOWS\system32\svchost.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Logi_MwX.Exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\QuickTime\QTTask.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
  C:\Documents and Settings\Michael\cftmon.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
  C:\Program Files\Nikon\NkView6\NkvMon.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
  O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
  O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
  O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
  O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
  O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
  O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: VonageRestart.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
  O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
  O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
  O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
  O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
  O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
  O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
  O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
  O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
  O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
  O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
  O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
  O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
  O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
  O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (http://\"http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab\")
  O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab (http://\"http://www.ipix.com/download/ipixx.cab\")
  O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab (http://\"http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab\")
  O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (http://\"http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab\")
  O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab (http://\"http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab\")
  O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx (http://\"https://www.select2perform.com/cabs/QOLCheck.ocx\")
  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab (http://\"http://lads.myspace.com/upload/MySpaceUploader1006.cab\")
  O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/P...rs.1.0.0.39.cab (http://\"http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab\")
  O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab (http://\"http://zone.msn.com/bingame/rock/default/popcaploader1.cab\")
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab\")
  O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (http://\"http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab\")
  O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab (http://\"http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab\")
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab (http://\"http://go.divx.com/plugin/DivXBrowserPlugin.cab\")
  O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab (http://\"http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab\")
  O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (http://\"http://zone.msn.com/bingame/chnz/default/mjolauncher.cab\")
  O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
  O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB (http://\"https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB\")
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (http://\"http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab\")
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab\")
  O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab (http://\"http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab\")
  O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab (http://\"http://mail.lycos.com/hanmail-ax/AttachMail.cab\")
  O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (http://\"http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab\")
  O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab (http://\"http://zone.msn.com/bingame/feed/default/SproutLauncher.cab\")
  O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab (http://\"http://zone.msn.com/bingame/cnma/default/ct.cab\")
  O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (http://\"http://zone.msn.com/binframework/v10/StProxy.cab55579.cab\")
  O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab (http://\"http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab\")
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab (http://\"http://zone.msn.com/bingame/popcaploader_v10.cab\")
  O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab (http://\"http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab\")
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
  --
  End of file - 12336 bytes
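
The entries ticked for removal earlier in the thread share traits that can be checked mechanically. As an added example (not part of the thread, and not code from HijackThis, DSS or ComboFix), this Python sketch parses O4 and O23 lines in the format of the log above and flags lookalike system-binary names and unusual locations; the allowlist, the similarity threshold and the location rules are assumptions.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Assumption: a tiny allowlist of stock Windows XP binaries and their home directory.
KNOWN_SYSTEM = {
    "spoolsv.exe": r"c:\windows\system32",   # Print Spooler
    "ctfmon.exe": r"c:\windows\system32",    # text-input services
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
LOOKALIKE_RATIO = 0.85  # assumption: similarity threshold, tune on your own logs

O4_RE = re.compile(r"^O4 - (?P<where>HK[^:]*?\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")
# The lookahead keeps "mcafee.com\agent\..." from being cut at ".com".
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|dll))(?=\s|$)", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Michael\cftmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def image_path(cmd):
    """Return the executable path from a command line as HijackThis prints it."""
    cmd = cmd.replace("(file missing)", "").strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd


def path_findings(path):
    """Heuristic checks on one executable path; returns a list of reasons."""
    findings = []
    name, folder = basename(path).lower(), dirname(path).lower()
    for known, home in KNOWN_SYSTEM.items():
        if name == known:
            if folder and folder != home:
                findings.append(f"{known} outside {home}")
        elif SequenceMatcher(None, name, known).ratio() >= LOOKALIKE_RATIO:
            findings.append(f"name resembles {known}")
    # system32\drivers normally holds kernel drivers (.sys), not programs.
    if name.endswith(".exe") and folder.endswith(r"\system32\drivers"):
        findings.append("executable in the drivers directory")
    if PROFILE_ROOT_RE.match(folder):
        findings.append("executable in a user-profile root")
    return findings


def analyze(log_lines):
    """Return [(entry label, [reasons])] for O4/O23 lines with at least one finding."""
    results = []
    for line in log_lines:
        line = line.strip()
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            label = f"{m4['where']} [{m4['name']}]"
            findings = path_findings(image_path(m4["cmd"]))
        elif m23:
            label = f"service {m23['name']}"
            findings = path_findings(image_path(m23["cmd"]))
            if m23["owner"] == "Unknown owner" and "(file missing)" in m23["cmd"]:
                findings.append("no owner and image file missing")
        else:
            continue
        if findings:
            results.append((label, findings))
    return results


if __name__ == "__main__":
    for label, findings in analyze(SAMPLE_LOG.splitlines()):
        print(f"{label}: {'; '.join(findings)}")
```

A hit is a prompt to look at the file, not a verdict; a vendor binary with a similar name will also trip the lookalike rule.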
Title: Help! Can't open programs, etc
Post by: guestolo on March 30, 2008, 11:59:30 PM
Do the following please

If you have any other copy(s) of ComboFix, delete them
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than notepad or the script will not work

[color="#0000FF"]File::
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Michael\cftmon.exe
C:\scdd.exe
C:\W3NG.exe
C:\Documents and Settings\Michael\ftp33.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"=-
"autoload"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"ntuser"=-
"autoload"=-
[/color]
Save this as txtfile on your desktop
name it:
CFScript

Disable McAfee so that it won't interfere with the next fix



(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log

Post the combofix log along with a fresh hijackthis log

NOTE: Combofix will disconnect your Internet connection till after it reboots the computer
If after the log opens, you do not have connection
Simply reboot your computer again manually
Title: Help! Can't open programs, etc
Post by: mjm on March 31, 2008, 12:36:13 AM
Here's the 2 log files requested. I'll check for any additional instructions in the morning. Thanks again for the help.
 
 -Michael
 
 ----------------------
 
 ComboFix 08-03-30.2 - Michael 2008-03-30 23:43:09.1 - NTFSx86
 Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
  * Created a new restore point
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 
 FILE ::
 C:\Documents and Settings\Michael\cftmon.exe
 C:\Documents and Settings\Michael\ftp33.dll
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\drivers\spools.exe
 .
 
 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Michael\cftmon.exe
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\AutoRun.inf
 
 .
 (((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-31  )))))))))))))))))))))))))))))))
 .
 
 2008-03-30 23:38 . 2001-08-17 12:12    148,992    --a--c---    C:\WINDOWS\system32\dllcache\wlluc48.sys
 2008-03-30 23:37 . 2001-08-17 13:28    794,654    --a--c---    C:\WINDOWS\system32\dllcache\usr1801.sys
 2008-03-30 23:36 . 2001-08-17 12:18    285,760    --a--c---    C:\WINDOWS\system32\dllcache\stlnata.sys
 2008-03-30 23:35 . 2001-08-17 22:36    495,616    --a--c---    C:\WINDOWS\system32\dllcache\sblfx.dll
 2008-03-30 23:34 . 2001-08-17 14:56    1,738,496    --a--c---    C:\WINDOWS\system32\dllcache\nv4.dll
 2008-03-30 23:33 . 2001-08-17 12:12    185,728    --a--c---    C:\WINDOWS\system32\dllcache\netwlan5.sys
 2008-03-30 23:32 . 2001-08-17 13:28    802,683    --a--c---    C:\WINDOWS\system32\dllcache\ltsm.sys
 2008-03-30 23:31 . 2001-08-17 22:36    585,344    --a--c---    C:\WINDOWS\system32\dllcache\i81xdnt5.dll
 2008-03-30 23:30 . 2001-08-17 14:56    1,733,120    --a--c---    C:\WINDOWS\system32\dllcache\g400d.dll
 2008-03-30 23:29 . 2001-08-17 12:14    952,007    --a--c---    C:\WINDOWS\system32\dllcache\diwan.sys
 2008-03-30 23:28 . 2001-08-17 12:13    980,034    --a--c---    C:\WINDOWS\system32\dllcache\cicap.sys
 2008-03-30 23:27 . 2001-08-17 13:28    762,780    --a--c---    C:\WINDOWS\system32\dllcache\3cwmcru.sys
 2008-03-30 23:26 . 2008-03-30 23:38    <DIR>    d--------    C:\WINDOWS\LastGood
 2008-03-30 23:26 . 2001-08-17 14:56    66,048    --a--c---    C:\WINDOWS\system32\dllcache\s3legacy.dll
 2008-03-30 20:48 . 2008-03-30 20:48    <DIR>    d--------    C:\Program Files\Trend Micro
 2008-03-30 20:39 . 2008-03-30 20:39    <DIR>    d--------    C:\Deckard
 2008-03-30 19:05 . 2008-03-30 19:13    <DIR>    d--------    C:\I386
 2008-03-30 13:55 . 2008-03-30 20:49    <DIR>    d--------    C:\HJT
 2008-03-30 13:39 . 2008-03-30 17:04    <DIR>    d--------    C:\Documents and Settings\Michael\.housecall6.6
 2008-03-30 13:25 . 2001-10-21 09:35    11,037    --a------    C:\WINDOWS\system32\RUNDLL32.EX_
 2008-03-22 00:35 . 2008-03-22 00:35    <DIR>    d--------    C:\Program Files\Active Data Recovery Services
 2008-03-18 13:53 . 2008-03-18 13:53    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\HP
 2008-03-16 08:44 . 2008-03-16 08:44    <DIR>    d--------    C:\Documents and Settings\Trina\Application Data\HPAppData
 2008-03-15 18:24 . 2008-03-15 18:24    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
 2008-03-15 18:21 . 2008-03-20 10:16    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\HPAppData
 2008-03-15 18:21 . 2008-03-15 18:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
 2008-03-15 18:20 . 2008-03-15 18:20    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
 2008-03-15 18:20 . 2008-03-15 18:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP
 2008-03-15 18:19 . 2008-03-15 18:19    <DIR>    d--------    C:\Program Files\Common Files\HP
 2008-03-15 18:17 . 2008-03-15 18:21    <DIR>    d--------    C:\Program Files\HP
 2008-03-15 18:14 . 2008-03-15 18:01    136,918    ---------    C:\WINDOWS\HPHins15.dat.temp
 2008-03-15 18:14 . 2007-08-27 23:45    2,828    ---------    C:\WINDOWS\hphmdl15.dat.temp
 2008-03-15 17:57 . 2008-03-15 17:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
 2008-03-15 17:57 . 2008-03-15 18:23    137,607    --a------    C:\WINDOWS\HPHins15.dat
 2008-03-15 17:57 . 2007-08-27 23:45    2,828    ---------    C:\WINDOWS\hphmdl15.dat
 2008-03-15 17:56 . 2007-03-30 08:11    267,864    -ra------    C:\WINDOWS\system32\hpzids01.dll
 2008-03-15 17:56 . 2007-03-28 14:01    117,760    --a------    C:\WINDOWS\system32\hpzll5ha.dll
 2008-03-15 17:56 . 2001-07-21 14:40    3,144    --a--c---    C:\WINDOWS\system32\dllcache\srgb.icm
 2008-03-15 17:55 . 2001-08-17 14:00    24,832    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
 2008-03-15 17:55 . 2001-08-17 14:00    24,832    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
 2008-03-14 01:27 . 2008-03-30 17:15    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
 2008-03-14 01:27 . 2008-03-14 01:27    1,409    --a------    C:\WINDOWS\QTFont.for
 2008-03-13 09:20 . 2008-03-13 09:20    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\Total Eclipse
 2008-03-10 12:41 . 2008-03-10 12:41    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\Jane s Hotel
 2008-03-06 23:14 . 2008-03-06 23:16    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\gemsweeperextractedgfx
 2008-03-06 23:14 . 2008-03-06 23:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\My Games
 2008-03-06 09:40 . 2008-03-06 09:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Zylom
 2008-03-05 23:59 . 2008-03-05 23:59    <DIR>    d--------    C:\Program Files\ImageShackToolbar
 2008-02-24 15:19 . 2008-03-30 10:24    <DIR>    d--------    C:\Documents and Settings\Michael\Application Data\MSN6
 2008-02-24 15:19 . 2008-02-24 15:19    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\MSN6
 2008-02-23 16:37 . 2008-02-23 16:37    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\NeptunesAdve
 2008-02-17 08:33 . 2008-02-17 08:33    <DIR>    d--------    C:\Documents and Settings\Michael\Saved Games
 2008-02-17 07:55 . 2008-02-17 07:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-29 01:56    ---------    d-----w    C:\Documents and Settings\Michael\Application Data\uTorrent
 2008-03-28 17:28    ---------    d-----w    C:\Documents and Settings\Michael\Application Data\PlayFirst
 2008-03-28 17:28    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PlayFirst
 2008-03-25 13:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MumboJumbo
 2008-03-16 01:12    ---------    d-----w    C:\Program Files\EPSON
 2008-03-16 01:10    ---------    d-----w    C:\Program Files\MSN Games
 2008-03-13 04:20    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
 2008-03-10 13:56    2,636,800    ----a-w    C:\WINDOWS\Internet Logs\xDB8.tmp
 2008-03-09 14:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
 2008-03-06 21:41    20    ---h--w    C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
 2008-02-25 10:08    86,933    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_23_02_01_59_small.dmp.zip
 2008-02-25 10:08    17,218,400    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_23_00_26_23_full.dmp.zip
 2008-02-25 10:07    91,719    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_23_03_46_small.dmp.zip
 2008-02-25 10:07    87,356    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_23_46_34_small.dmp.zip
 2008-02-23 03:04    100,013    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_22_19_27_10_small.dmp.zip
 2008-02-18 06:02    18,255,480    ----a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
 2007-12-23 21:59    90,992    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_22_15_38_13_small.dmp.zip
 2007-12-15 07:55    96,974    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_14_23_30_10_small.dmp.zip
 2007-11-26 20:22    41,472    ----a-w    C:\Program Files\Ochsner Medical Center log in.doc
 2007-11-07 03:16    87,406    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_10_44_04_small.dmp.zip
 2007-11-07 03:16    87,361    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_03_12_25_small.dmp.zip
 2007-11-07 03:16    84,152    ----a-w    C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_02_07_50_small.dmp.zip
 2007-06-22 03:13    2,647,552    ----a-w    C:\WINDOWS\Internet Logs\xDB2729.tmp
 2007-06-22 03:13    1,935,360    ----a-w    C:\WINDOWS\Internet Logs\xDB272A.tmp
 2007-04-07 15:28    1,826,816    ----a-w    C:\WINDOWS\Internet Logs\xDB7.tmp
 2007-01-16 19:58    1,601,536    ----a-w    C:\WINDOWS\Internet Logs\xDB6.tmp
 2006-12-30 17:47    1,561,600    ----a-w    C:\WINDOWS\Internet Logs\xDB5.tmp
 2006-11-11 09:44    1,438,720    ----a-w    C:\WINDOWS\Internet Logs\xDB4.tmp
 2006-11-11 08:47    1,435,136    ----a-w    C:\WINDOWS\Internet Logs\xDB3.tmp
 2006-11-11 04:57    1,434,624    ----a-w    C:\WINDOWS\Internet Logs\xDB2.tmp
 2006-10-19 20:52    1,315,840    ----a-w    C:\WINDOWS\Internet Logs\xDB1.tmp
 2006-10-04 20:20    20    ---h--w    C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
 2006-03-20 18:48    6,939    ----a-w    C:\Program Files\viewexif.xpi
 2006-02-06 07:18    110,080    --sha-w    C:\Program Files\Thumbs.db
 2002-12-02 19:02    30    ----a-w    C:\Program Files\Wfa.ini
 2002-12-02 19:02    24,576    ----a-w    C:\Program Files\Wfa.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc]
 @={9D1F87E7-4D72-41AB-9D57-D101A08F20E5}
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
 "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-12-10 16:39 53248]
 "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 02:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
 "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
 "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
 "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
 "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
 "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
 "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
 "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
 "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "RunNarrator"="Narrator.exe" [2001-10-21 09:34 51200 C:\WINDOWS\system32\narrator.exe]
 
 C:\Documents and Settings\Trina\Start Menu\Programs\Startup\
 PowerReg Scheduler.exe [2005-06-17 13:03:30 256000]
 
 C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
 Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-04 21:36:22 113664]
 VonageRestart.exe [2006-08-17 03:58:46 3889140]
 
 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
 Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
 HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
 Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-03-11 18:17:46 110592]
 NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-03-16 13:22:23 233472]
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
 
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
 
 .
 Contents of the 'Scheduled Tasks' folder
 "2008-03-29 06:35:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-03-30 23:46:36
 Windows 5.1.2600  NTFS
 
 scanning hidden processes ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden files: 0
 
 **************************************************************************
 .
 Completion time: 2008-03-30 23:47:39
 ComboFix-quarantined-files.txt  2008-03-31 06:47:36
 Pre-Run: 49,271,451,648 bytes free
 Post-Run: 49,286,598,656 bytes free
 
 ---------------------------------------------------------------
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 11:48:24 PM, on 3/30/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Logi_MwX.Exe
 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 C:\Program Files\McAfee.com\VSO\oasclnt.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 C:\Program Files\Nikon\NkView6\NkvMon.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\WINDOWS\system32\CF9120.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 12081 bytes
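
Added example, not part of the original thread: a Python check that cross-references the `File::` targets of the CFScript with the section the ComboFix log titles "Other Deletions", and then looks for any target still referenced in a follow-up HijackThis log. The log excerpts are trimmed copies of lines from the posts above; the function names are assumptions made for this sketch.

```python
import re

# Excerpts copied from the thread (trimmed to the lines this check needs).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Michael\cftmon.exe
C:\scdd.exe
C:\W3NG.exe
C:\Documents and Settings\Michael\ftp33.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"=-
"""

COMBOFIX_LOG = r"""
 FILE ::
 C:\Documents and Settings\Michael\cftmon.exe
 C:\Documents and Settings\Michael\ftp33.dll
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\drivers\spools.exe
 .

 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 .

 C:\Documents and Settings\Michael\cftmon.exe
 C:\scdd.exe
 C:\W3NG.exe
 C:\WINDOWS\system32\AutoRun.inf

 .
 (((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-31  )))))))))))))))))))))))))))))))
 .
"""

HJT_BEFORE = r"""O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

HJT_AFTER = r"""O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# A ComboFix section header is a title wrapped in long runs of parentheses.
SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\)+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()


def script_targets(script):
    """Return the paths listed under the CFScript 'File::' directive."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):          # directive line: File::, Registry::, ...
            in_files = line.lower() == "file::"
        elif in_files and line:
            targets.append(line)
    return targets


def log_section(log, title):
    """Return the path lines found under the '((( title )))' log section."""
    paths, active = [], False
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            active = header.group(1).lower() == title.lower()
        elif active and PATH_RE.match(line):
            paths.append(line)
    return paths


def review(script, combofix_log, hjt_log):
    """Compare what the script asked for with what the logs report."""
    targets = script_targets(script)
    deletions = log_section(combofix_log, "Other Deletions")
    deleted = {norm(p) for p in deletions}
    wanted = {norm(t) for t in targets}
    hjt = hjt_log.lower()
    return {
        "deleted": [t for t in targets if norm(t) in deleted],
        "not_reported": [t for t in targets if norm(t) not in deleted],
        "extra_deletions": [p for p in deletions if norm(p) not in wanted],
        "still_referenced": [t for t in targets if norm(t) in hjt],
    }


if __name__ == "__main__":
    for key, paths in review(CFSCRIPT, COMBOFIX_LOG, HJT_AFTER).items():
        print(f"{key}:")
        for path in paths:
            print(f"  {path}")
```

Targets that land in `not_reported` are worth a second look: here they are the two paths the log echoes under `FILE ::` but does not list as deleted, one of which the first HijackThis log had already marked "(file missing)".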
Title: Help! Can't open programs, etc
Post by: mjm on March 31, 2008, 01:09:15 AM
Update - Everything appears to be working normally after running Combofix and rebooting. Also, I haven't received any more pop ups from ZoneAlarm or McAfee. Are those issues resolved now as well?
 
 Here's a fresh log file:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:21:41 AM, on 3/31/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\System32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 C:\WINDOWS\system32\svchost.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\Logi_MwX.Exe
 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 C:\Program Files\McAfee.com\VSO\oasclnt.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 C:\Program Files\Nikon\NkView6\NkvMon.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
 O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
 O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: VonageRestart.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
 O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
 O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
 O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
 O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
 O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
 O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
 O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
 O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
 O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
 O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
 O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
 O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
 O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
 O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 11959 bytes
Title: Help! Can't open programs, etc
Post by: guestolo on March 31, 2008, 12:36:22 PM
Can you run another scanner for me please

temporarily disable McAfee antivirus ahead of time
Then
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. Scan Mail Bases
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the Kaspersky Online Scanner Report in your reply.
Title: Help! Can't open programs, etc
Post by: mjm on March 31, 2008, 03:26:04 PM
Here is the requested report:
 
 -------------------------------------------------------------------------------
  KASPERSKY ONLINE SCANNER REPORT
  Monday, March 31, 2008 2:42:31 PM
  Operating System: Microsoft Windows XP Professional,  (Build 2600)
  Kaspersky Online Scanner version: 5.0.98.0
  Kaspersky Anti-Virus database last update: 31/03/2008
  Kaspersky Anti-Virus database records: 674679
 -------------------------------------------------------------------------------
 
 Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
 
 Scan Target - My Computer:
     A:\
     C:\
     D:\
     E:\
     F:\
     G:\
 
 Scan Statistics:
     Total number of scanned objects: 105413
     Number of viruses found: 6
     Number of infected objects: 17
     Number of suspicious objects: 0
     Duration of the scan process: 01:40:22
 
 Infected Object Name / Virus Name / Last Action
 C:\Deckard\System Scanner\20080330204523\backup\WINDOWS\Downloaded Program Files\popcaploader.dll    Infected: not-a-virus:Downloader.Win32.PopCap.b    skipped
 C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log    Object is locked    skipped
 C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log    Object is locked    skipped
 C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6aa2917d8adef8359149c8dcdbc26090_76d03e56-2d5e-415c-b982-09900d580a44    Object is locked    skipped
 C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
 C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
 C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
 C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
 C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_001_    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_002_    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_003_    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\Cache\_CACHE_MAP_    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\cert8.db    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\formhistory.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\history.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\key3.db    Object is locked    skipped
 C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\i05vjm0q.default\parent.lock    Object is locked    skipped
 C:\Documents and Settings\Michael\Cookies\index.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012008033120080401\index.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\temp\~DFEB4C.tmp    Object is locked    skipped
 C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\ntuser.dat    Object is locked    skipped
 C:\Documents and Settings\Michael\ntuser.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\Michael\~31324.tmp    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
 C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
 C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
 C:\Documents and Settings\Trina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-1726b875.zip/vmain.class    Infected: Exploit.Java.Gimsh.b    skipped
 C:\Documents and Settings\Trina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-1726b875.zip    ZIP: infected - 1    skipped
 C:\QooBox\Quarantine\C\Documents and Settings\Michael\cftmon.exe.vir    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\QooBox\Quarantine\C\scdd.exe.vir    Infected: Trojan-Dropper.Win32.Small.bep    skipped
 C:\QooBox\Quarantine\C\W3NG.exe.vir    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1163\A0325404.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1164\A0325494.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1164\A0325530.dll    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327741.exe    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327742.exe    Infected: Trojan-Dropper.Win32.Small.bep    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327743.exe    Infected: Trojan-Downloader.Win32.Small.tra    skipped
 C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\change.log    Object is locked    skipped
 C:\WINDOWS\Debug\oakley.log    Object is locked    skipped
 C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
 C:\WINDOWS\Internet Logs\fwdbglog.txt    Object is locked    skipped
 C:\WINDOWS\Internet Logs\fwpktlog.txt    Object is locked    skipped
 C:\WINDOWS\Internet Logs\IAMDB.RDB    Object is locked    skipped
 C:\WINDOWS\Internet Logs\MICHAEL-N66C1KN.ldb    Object is locked    skipped
 C:\WINDOWS\Internet Logs\tvDebug.log    Object is locked    skipped
 C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
 C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
 C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
 C:\WINDOWS\system32\1162362433.exe/stream/data0002    Infected: not-a-virus:AdWare.Win32.BHO.ba    skipped
 C:\WINDOWS\system32\1162362433.exe/stream/data0003    Infected: not-a-virus:AdWare.Win32.VB.y    skipped
 C:\WINDOWS\system32\1162362433.exe/stream    Infected: not-a-virus:AdWare.Win32.VB.y    skipped
 C:\WINDOWS\system32\1162362433.exe    NSIS: infected - 3    skipped
 C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
 C:\WINDOWS\system32\config\default    Object is locked    skipped
 C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
 C:\WINDOWS\system32\config\SAM    Object is locked    skipped
 C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
 C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
 C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
 C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
 C:\WINDOWS\system32\config\software    Object is locked    skipped
 C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
 C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
 C:\WINDOWS\system32\config\system    Object is locked    skipped
 C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
 C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
 C:\WINDOWS\Temp\ZLT028bf.TMP    Object is locked    skipped
 C:\WINDOWS\Temp\ZLT03636.TMP    Object is locked    skipped
 C:\WINDOWS\wiadebug.log    Object is locked    skipped
 C:\WINDOWS\wiaservc.log    Object is locked    skipped
 C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
 F:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\change.log    Object is locked    skipped
 
 Scan process completed.
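
Added example, not part of the original thread: most rows in a report like the one above are "Object is locked" entries for files that were in use, so a short script can pull out the detections and group them by where they sit on disk. The location labels and path markers below are assumptions chosen for this report's layout; the sample rows are taken from the report and trimmed to a few per case.

```python
import re
from collections import defaultdict

# Sample rows in the report's layout (path, status, last action), trimmed
# from the report above to a few rows per case.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Michael\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\Michael\~31324.tmp    Infected: Trojan-Downloader.Win32.Small.tra    skipped
C:\QooBox\Quarantine\C\scdd.exe.vir    Infected: Trojan-Dropper.Win32.Small.bep    skipped
C:\QooBox\Quarantine\C\W3NG.exe.vir    Infected: Trojan-Downloader.Win32.Small.tra    skipped
C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\A0327742.exe    Infected: Trojan-Dropper.Win32.Small.bep    skipped
C:\System Volume Information\_restore{D8DEC47B-E14F-49A0-97A1-0738960E6369}\RP1165\change.log    Object is locked    skipped
C:\WINDOWS\system32\1162362433.exe/stream/data0002    Infected: not-a-virus:AdWare.Win32.BHO.ba    skipped
C:\WINDOWS\system32\1162362433.exe    NSIS: infected - 3    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
"""

# Assumed location buckets (hypothetical labels), matched case-insensitively.
LOCATIONS = [
    ("quarantine", "\\qoobox\\quarantine\\"),
    ("system_restore", "\\system volume information\\_restore"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
]

# Columns are separated by tabs or runs of spaces; paths contain single spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
# Roll-up row for an archive or installer, e.g. "ZIP: infected - 1".
CONTAINER = re.compile(r"^[A-Z0-9]+: infected - (\d+)$")


def classify_location(path):
    """Map a reported path to one of the assumed location buckets."""
    lowered = path.lower()
    for label, marker in LOCATIONS:
        if marker in lowered:
            return label
    return "live_filesystem"


def parse_report(text):
    """Return (detections, containers, locked_count) for the report rows."""
    detections, containers, locked = [], [], 0
    for raw in text.splitlines():
        fields = FIELD_SEP.split(raw.strip())
        if len(fields) != 3:
            continue  # header, statistics and blank lines
        path, status, action = fields
        container = CONTAINER.match(status)
        if status == "Object is locked":
            locked += 1  # file in use during the scan, not a detection
        elif status.startswith("Infected: "):
            detections.append({
                "path": path,
                "name": status[len("Infected: "):],
                "location": classify_location(path),
                "action": action,
            })
        elif container:
            containers.append((path, int(container.group(1))))
    return detections, containers, locked


def summarize(detections):
    """Group distinct detection names by location bucket."""
    by_location = defaultdict(set)
    for det in detections:
        by_location[det["location"]].add(det["name"])
    return {loc: sorted(names) for loc, names in by_location.items()}


if __name__ == "__main__":
    dets, conts, locked = parse_report(SAMPLE_REPORT)
    print(f"{len(dets)} detections, {len(conts)} container rows, {locked} locked rows ignored")
    for loc, names in summarize(dets).items():
        print(f"{loc}: {', '.join(names)}")
```
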
Title: Help! Can't open programs, etc
Post by: guestolo on March 31, 2008, 07:49:06 PM
That looks good, why are you so behind on Windows updates??
Is this an illegal version of XP, just enquiring
Title: Help! Can't open programs, etc
Post by: mjm on March 31, 2008, 08:32:31 PM
guestolo wrote (Mar 31 2008, 06:49 PM):
"That looks good, why are you so behind on Windows updates??
Is this an illegal version of XP, just enquiring"

 Yes, my version won't allow further updates. Thanks so much for your time... you've been a tremendous help!  :D
 
 -Michael
Title: Help! Can't open programs, etc
Post by: guestolo on April 01, 2008, 08:06:24 AM
Try to keep this computer as safe as possible, without the updates, you risk reinfection

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
- Examples of older versions in Add or Remove Programs:
    * Java 2 Runtime Environment, SE v1.4.2
    * J2SE Runtime Environment 5.0
    * J2SE Runtime Environment 5.0 Update 2
In your case, remove
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6

Don't install the new version yet

Go to START>>RUN>>copy then paste the next entry in bold

ComboFix /u
Then hit OK
This will uninstall combofix

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
 and click Create
Windows will prompt when it was created successfully

When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
NOTE: This procedure will also delete OTMoveit.exe from desktop

After reboot, go ahead and install the latest version of Sun Java from the installer on desktop

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

In addition, it would be a good idea to download and install
Spybot 1.5.2.20 (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
After installation, Search for and Download all updates
After updating, utilize the Immunization feature
Click Immunize>>Immunize again the top green cross
Do that after every update
Probably a good idea to Check for Problems and fix anything in Red

It's a great idea to use Mozilla Firefox, I see you have it installed
But it is an older version, for security reasons, you should update it also
Download the latest version from here
http://www.mozilla.com/en-US/firefox/
Uninstall your version from add/remove programs then install the newest

Take a look at miekiemoes site with other ideas on How to prevent Malware: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

I hope that helps  :)
Title: Help! Can't open programs, etc
Post by: mjm on April 01, 2008, 01:10:20 PM
Cool... thanks for the tips... and the help! :D
 
 -Michael
Title: Help! Can't open programs, etc
Post by: guestolo on April 01, 2008, 06:16:36 PM
You're welcome, I'll lock this topic as your problems appear resolved
Take care mjm  :)